There’s nothing worse than starting your day at work with crucial programs being locked out of access. You need to submit an important document and you realize that you have been locked out of your Office 365 account and can’t get back in. You have tried the best you could such as resetting the PC and account, however still no success in unlocking the Office account. There are multiple reasons why your account can get locked out from Microsoft.
In this blog, we will address why users keep getting locked out of their Office 365 account and address how users can prevent being locked out. We will also address potential causes for this problem occurring and how users can prevent it from occurring again. We will provide multiple troubleshooting solutions so be sure to follow as many as possible in case the primary solution doesn’t get any results. Follow the step-by-step process below to see how you can fix users being locked out of their Office 365 accounts.
Step by step process – How to fix User keeps getting locked out of Microsoft 365
- First, sign in to your Office 365 account.
- Use the app launcher and navigate to admin.
- In the admin dashboard, under “admin centre”, click on “Azure Active Directory”(you may need to click “Show all” to access).
- Click on “All services”.
- Now click on “Azure AD Conditional Access”.
- Select the policy that restricts access.
- Finally, delete the policy.
A multitude of responsibilities is performed by an Active Directory (AD) administrator, one of which is maintaining the security of AD data. Configuring the appropriate AD account lockout policy is critical because it improves the security posture of the company by reducing risks such as brute force assaults. Securing your AD data may be the most difficult task, as it necessitates the detection and removal of all conceivable security flaws. This job gets considerably more difficult when using solely native tools or PowerShell.
In terms of AD user accounts, locked out users and inactive user accounts might pose a risk to data security. Anyone with malevolent intent might use them as a low-barrier access point. To detect any suspicious activity, IT administrators should track the frequency of account lockouts.
What is an account lockout, and how does it happen?
When a user account in an Azure AD DS managed domain reaches a certain number of failed sign-in attempts, it is locked out. This account lockout behavior is intended to protect you from automated digital attacks that use repeated brute-force sign-in attempts.
A fine-grained password policy is used to set the default account lockout limits. You can override these default account lockout levels if you have particular needs. However, increasing the threshold limitations to attempt to minimise the number of account lockouts is not suggested. First, figure out what’s causing the account lockout.
Why do AD accounts get locked out?
AD account lockouts are most common in mid-and large-sized organisations:
- When users use several devices, they are more likely to forget to change their AD password on each one.
- Because most users just shut the session window instead of signing out of the session after remote desktop sessions,
- When users plan Windows activities that require updated credentials but are presently being executed with expired credentials.
Because of all of these factors, monitoring AD account lockouts may take up a significant amount of time for IT administrators. ManageEngine ADManager Plus solves these problems by separating dormant user accounts from the rest of your Active Directory. The software comes with a number of pre-built reports that provide detailed views of a user’s account status and login information.
Account lockouts can be resolved via security audits
Enable security audits for Azure AD to troubleshoot when account lockout events occur and where they originate. Audit events are only recorded from the moment the functionality is enabled. Ideally, you should activate security audits before you have to address an account lockout issue. If a user account is regularly locked out, you may enable security audits to prepare for the next time it happens.
Report on disabled users in Active Directory
The Deactivated Users Report displays a list of all Active Directory user accounts that the AD administrator has disabled. The userAccountControl property is used to identify the domain’s disabled users. A simple CSV file import may be used to mass transfer these deactivated accounts to a different OU. If some of these disabled users need to be enabled or removed, it’s best to do so in batches to prevent any security risks. From the report interface, administrators may also enable or disable user accounts.
Step by step process – How to fix User keeps getting locked out of Microsoft 365
Step by step breakdown:
- First sign in to your Office 365 account.
Use your account details or if you have a current Skype account with the Office account in question, you can use this.
- Use the application launcher to navigate towards “Admin”.
The launcher is illustrated by nine dots in the right corner, click on it and find “Admin” as shown above.
- In the admin dashboard, under “admin center”, click on “Azure Active Directory”(you may need to click “Show all” to access).
In this example “Azure Active Directory” was pinned to the menu bar, however, in your dashboard you may need to click on “show all” which will bring you to the Azure Active directory panel.
- Click on “All services”.
- Now click on “Azure AD Conditional Access”.
- Select the policy that restricts access.
- Finally, delete the policy.
That’s it for this Blog thank you for taking time out to read our content, please feel free to email our team about how it went if you followed the steps or if you need more help with the questions we answered in this Blog.